Quality, Expert-Derived Cybersecurity Documentation To Keep Organizations Secure, Compliant & Resilient - No AI Slop!
Secure Controls Framework

Does DoD require NIST SP 800-171 Rev. 3?

Direct Answer

Not yet. The US Department of Defense (DoD) /Department of War (DoW) does not currently require NIST SP 800-171 Rev 3.

The current CMMC Program ruleidentifies CMMC Level 2 security requirements as identical to NIST SP 800-171Rev. 2. DoD/DoW has also stated that NIST SP 800-171 Rev. 3 will beformally adopted through future rulemaking, and that assessments remain againstRev. 2 until Rev. 3 is officially adopted.

Keep Exploring

Relevant ComplianceForge Resources

References

Authoritative Sources

NIST SP 800-171 Rev. 3: https://csrc.nist.gov/pubs/sp/800/171/r3/final

NIST SP 800-171A Rev. 3: https://csrc.nist.gov/pubs/sp/800/171/a/r3/final

DoD CMMC Alignment to NIST Standards: https://dodcio.defense.gov/Portals/0/Documents/CMMC/CMMC-AlignmentNIST-Standards.pdf

32 CFR Part 170 — Cybersecurity Maturity Model Certification Program: https://www.ecfr.gov/current/title-32/subtitle-A/chapter-I/subchapter-G/part-170